This page last changed on Feb 04, 2012 by jdeolive.


Make Geoserver ready for access control specific to geodata and evaluate Single Sign On technologies.

This proposal has been superseded by GSIP 71 - New Security Subsystem.

Proposed By

Christian Mueller

Assigned to Release

This proposal will be implemented for release 2.1.0 or a later one, depending on GSIP 54 which is a prerequisite.


Choose one of: Under Discussion, In Progress, Completed, Rejected, Deferred


Spatial Data causes additional requirements for access control,  an example is given in the proposal section. Since most of the OGC Web Services are stateless, it makes sense to offer the possibility of SSO and allow geoserver deployments working in a host farm (clustering).


This proposal is based on  Spring Security. The actual version of Spring Security is 3.x requiring Spring Framework 3.0. At the time of writing this proposal,  Geoserver uses Spring 2.x. There are 2 possibilities

  1. Using Spring Security 2.x and defer migration to Spring 3.x ( GSIP 54 )
  2. Migrating Geoserver to Spring 3.x and use Spring Security 3.x

The first step is to find a solution for access control specific for geographical data. At a minimum, it should be possible to add a GeoXACML plugin. Normally, an access control decision is a simple YES or NO. This is not sufficient for spatial data. A simple example  to illustrate the problem.

Given: a map of Europe and a layer with all cities of Europe.

Access Control: User Bob has the right to view all cities of Italy, he has no right to see other cities.

Problem: It is not possible to construct the proper WMS GetMap request since Italy is not a rectangle and this kind of request needs a bounding box.


XACML has a concept called obligations. An obligation can be anything, obligations themselves are attached to an access decision. In this example, the result of the access decision system should be YES, but with an obligation telling Geoserver to intersect the city layer with the border of Italy.

The second step is an investigation concerning how nice Geoserver can play in SSO scenarios.

SAML and XACML are possible technologies for taking a deeper look.


This section should contain feedback provided by PSC members who may have a problem with the proposal.

Backwards Compatibility

No migration are necessary for already deployed Geoserver installations.



[JIRA Task|]
[Email Discussion|]
[Wiki Page|]

Document generated by Confluence on May 14, 2014 23:00